Severe Security Flaw Exposes Over a Million WordPress Sites to Hijack

May 12, 2023 | Ravie Lakshmanan | Website Vulnerability / Security


A security vulnerability has been disclosed in the popular WordPress Essential Addons plugin for Elementor that could be exploited to gain elevated privileges on affected sites.

The issue, tracked as CVE-2023-32243, has been fixed by the plugin maintainers in version 5.7.2, which shipped on May 11, 2023. Essential Addons for Elementor has over 1 million active installations.

“This plugin suffers from an unauthenticated privilege escalation vulnerability and allows any unauthenticated user to escalate their privileges to those of any user on the WordPress site,” said Patchstack researcher Rafie Muhammad.

Successful exploitation of the flaw could allow a threat actor to reset the password of any arbitrary user, as long as the malicious party knows their username. The flaw is believed to have existed since version 5.4.0.

This can have serious ramifications, as the flaw could be used to reset the password associated with an administrator account and take full control of the website.

“This vulnerability occurs because this password reset feature does not validate a password reset key and instead directly changes the given user’s password,” Muhammad noted.
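To make the root cause concrete, the following is an added illustration (not the plugin's own code) of a WordPress password-reset handler in the shape the advisory describes, placed beside a hardened version that validates the reset key with WordPress's own `check_password_reset_key()` before changing anything; the function names and request field names are hypothetical.

```php
<?php
// Added illustration, not code from Essential Addons for Elementor.
// Both handlers assume they run inside WordPress (get_user_by,
// reset_password, check_password_reset_key and WP_Error are core APIs).

// Hypothetical vulnerable handler: it takes a username and a new password
// from the request and changes the password with no proof that the
// requester owns the account. Anyone who knows a username (including an
// administrator's) can set that user's password. This is the bug class
// the advisory describes: the reset key is never validated.
function insecure_reset_password_handler() {
    $login    = sanitize_user( $_POST['user_login'] ?? '' );
    $new_pass = $_POST['new_password'] ?? '';
    $user     = get_user_by( 'login', $login );
    if ( ! $user ) {
        return new WP_Error( 'no_user', 'Unknown user.' );
    }
    reset_password( $user, $new_pass ); // no reset-key check at all
    return true;
}

// Hardened handler: the password changes only if the request carries the
// one-time key WordPress generated for this login (get_password_reset_key()
// creates it and retrieve_password() emails it to the account owner).
// check_password_reset_key() compares the key against the hashed copy
// stored for the user and rejects invalid, expired or mismatched keys.
function secure_reset_password_handler() {
    $login    = sanitize_user( $_POST['user_login'] ?? '' );
    $key      = sanitize_text_field( $_POST['reset_key'] ?? '' );
    $new_pass = $_POST['new_password'] ?? '';
    if ( '' === $key || '' === $new_pass ) {
        return new WP_Error( 'missing', 'Reset key and new password are required.' );
    }
    // Returns a WP_User on success, otherwise a WP_Error with code
    // 'invalid_key' or 'expired_key'. The same generic error is returned
    // for an unknown login, so the response does not leak valid usernames.
    $user = check_password_reset_key( $key, $login );
    if ( is_wp_error( $user ) ) {
        return $user;
    }
    reset_password( $user, $new_pass );
    return true;
}
```

The defensive point is that possession of a username must never be enough: the reset key is the only proof that the requester received the email sent to the account owner, so it has to be checked before any password change.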


The disclosure comes more than a year after Patchstack disclosed another serious flaw in the same plugin that could have been abused to execute arbitrary code on compromised websites.

The findings also follow the discovery of a new wave of attacks targeting WordPress sites since late March 2023 aimed at injecting the notorious SocGholish malware (aka FakeUpdates).

SocGholish is a persistent JavaScript malware framework that functions as an initial access provider to facilitate the delivery of additional malware to infected hosts. The malware has been distributed via drive-by downloads masquerading as a web browser update.

The latest campaign detected by Sucuri was found to leverage compression techniques using a software library called zlib to hide the malware, reduce its footprint and avoid detection.

“Bad actors are continuously evolving their tactics, techniques and procedures to evade detection and extend the life of their malware campaigns,” said Sucuri researcher Denis Sinegubko.

“The SocGholish malware is a good example of this, as attackers have modified their approach in the past to inject malicious scripts into compromised WordPress websites.”



It’s not just SocGholish. Malwarebytes, in a technical report this week, detailed a malvertising campaign that serves visitors of adult websites pop-up ads simulating a fake Windows update in order to drop the “in2al5d p3in4er” loader (aka Invalid Printer).


“The scheme is very well designed as it relies on the web browser to display a full-screen animation that looks a lot like what you’d expect from Microsoft,” said Jérôme Segura, Director of Threat Intelligence at Malwarebytes.

The loader, which was documented by Morphisec last month, is designed to check the system’s graphics card to determine whether it’s running in a virtual machine or sandbox environment, and eventually launches the Aurora information-stealing malware.

The campaign, according to Malwarebytes, has claimed 585 victims over the past two months, with the threat actor also linked to other tech support scams and an Amadey bot control and dashboard.

Ikaroa, a full stack tech company, is here to keep websites not only running smoothly but also safe from malicious threats. Such is the case currently with the WordPress platform, where over a million users were recently exposed to a severe security vulnerability that left their sites open to hijacking.

The recent security flaw, which Sucuri said was “guaranteed” to be exploited, allowed hackers to execute code on vulnerable sites and even hijack them without user permission. This particular issue is said to have been active since February 2019, making it even more important for users to update their sites.

The good news is that WordPress has already released a patch for the issue and has urged users to install it immediately. It is not currently known whether the flaw was ever exploited by hackers, but the development team at WordPress is urging extreme caution and vigilance when it comes to such threats.

In light of this security breach, Ikaroa is now offering website security audits and consulting services to companies of all sizes. We believe that website security is an essential part of an effective online presence, and encourage all users to keep updating and maintaining their sites for the best possible performance.

Whether you need an audit of your current security measures or would like to upgrade them, Ikaroa is here to provide the tools needed to stay safe. Our team of experts is dedicated to backing up and securing your site, so you don’t have to worry about malicious threats in the future.

Stay vigilant and make sure to update your WordPress sites to help reduce the potential for malicious activities. With Ikaroa by your side, you can be sure your site is safe and secure for years to come.

